Implement Ell2 as general utility

davxy · Jun 6, 2024 · ace3e25 · ace3e25
1 parent 3aff023
commit ace3e25
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 14 deletions.
diff --git a/src/arkworks/elligator2.rs b/src/arkworks/elligator2.rs
@@ -8,8 +8,7 @@ use ark_ec::{
     hashing::{
         // TODO: this looks identical to the one introduced by #659
         curve_maps::swu::parity,
-        map_to_curve_hasher::{MapToCurve, MapToCurveBasedHasher},
-        HashToCurve,
+        map_to_curve_hasher::MapToCurve,
         HashToCurveError,
     },
     twisted_edwards::{Affine, MontCurveConfig, Projective, TECurveConfig},
@@ -148,6 +147,7 @@ impl<P: Elligator2Config> MapToCurve<Projective<P>> for Elligator2Map<P> {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use ark_ec::hashing::{map_to_curve_hasher::MapToCurveBasedHasher, HashToCurve};
     use ark_ff::{field_hashers::DefaultFieldHasher, Fp64, MontBackend, MontFp};
     use sha2::Sha256;
 

diff --git a/src/suites/bandersnatch.rs b/src/suites/bandersnatch.rs
@@ -162,14 +162,6 @@ pub mod edwards {
         );
     }
 
-    use ark_ec::hashing::HashToCurve;
-
-    pub type Elligator2MapToCurve = ark_ec::hashing::map_to_curve_hasher::MapToCurveBasedHasher<
-        ark_ec::twisted_edwards::Projective<ark_ed_on_bls12_381_bandersnatch::BandersnatchConfig>,
-        ark_ff::field_hashers::DefaultFieldHasher<sha2::Sha512, 128>,
-        arkworks::elligator2::Elligator2Map<ark_ed_on_bls12_381_bandersnatch::BandersnatchConfig>,
-    >;
-
     #[cfg(feature = "ring")]
     mod ring_defs {
         use super::*;
@@ -206,10 +198,23 @@ pub mod edwards {
 
     #[test]
     fn test_elligator2_hash_to_curve() {
-        let hasher = Elligator2MapToCurve::new(b"dom").unwrap();
-        let point = hasher.hash(b"foo").unwrap();
+        let point =
+            utils::hash_to_curve_ell2_rfc_9380::<BandersnatchSha512Edwards>(b"foo").unwrap();
         assert!(point.is_on_curve());
         assert!(point.is_in_correct_subgroup_assuming_on_curve());
+
+        {
+            use ietf::{Prover, Verifier};
+
+            let secret = Secret::from_seed(b"asd");
+            let public = secret.public();
+            let input = Input::from(point);
+            let output = secret.output(input);
+
+            let proof = secret.prove(input, output, b"foo");
+            let result = public.verify(input, output, b"foo", &proof);
+            assert!(result.is_ok());
+        }
     }
 }
 

diff --git a/src/utils.rs b/src/utils.rs
@@ -1,7 +1,8 @@
 use crate::{AffinePoint, HashOutput, ScalarField, Suite};
 
+use ark_ec::AffineRepr;
 use ark_ff::PrimeField;
-use digest::Digest;
+use digest::{Digest, FixedOutputReset};
 
 #[cfg(not(feature = "std"))]
 use ark_std::vec::Vec;
@@ -73,7 +74,9 @@ pub fn hash_to_curve_tai_rfc_9381<S: Suite>(
     const DOM_SEP_FRONT: u8 = 0x01;
     const DOM_SEP_BACK: u8 = 0x00;
 
-    let mod_size = <<<S::Affine as AffineRepr>::BaseField as Field>::BasePrimeField as PrimeField>::MODULUS_BIT_SIZE as usize / 8;
+    let mod_size = <<crate::BaseField<S> as Field>::BasePrimeField as PrimeField>::MODULUS_BIT_SIZE
+        as usize
+        / 8;
     if S::Hasher::output_size() < mod_size {
         return None;
     }
@@ -100,6 +103,28 @@ pub fn hash_to_curve_tai_rfc_9381<S: Suite>(
     None
 }
 
+pub fn hash_to_curve_ell2_rfc_9380<S: Suite>(data: &[u8]) -> Option<AffinePoint<S>>
+where
+    <S as Suite>::Hasher: Default + Clone + FixedOutputReset + 'static,
+    crate::CurveConfig<S>: ark_ec::twisted_edwards::TECurveConfig,
+    crate::CurveConfig<S>: crate::arkworks::elligator2::Elligator2Config,
+    crate::arkworks::elligator2::Elligator2Map<crate::CurveConfig<S>>:
+        ark_ec::hashing::map_to_curve_hasher::MapToCurve<<AffinePoint<S> as AffineRepr>::Group>,
+{
+    use ark_ec::hashing::HashToCurve;
+    const SEC_PARAM: usize = 128;
+
+    let hasher = ark_ec::hashing::map_to_curve_hasher::MapToCurveBasedHasher::<
+        <AffinePoint<S> as AffineRepr>::Group,
+        ark_ff::field_hashers::DefaultFieldHasher<<S as Suite>::Hasher, SEC_PARAM>,
+        crate::arkworks::elligator2::Elligator2Map<crate::CurveConfig<S>>,
+    >::new(b"")
+    .ok()?;
+
+    let res = hasher.hash(data).ok()?;
+    Some(res)
+}
+
 /// Challenge generation according to RFC 9381 section 5.4.3.
 pub fn challenge_rfc_9381<S: Suite>(pts: &[&AffinePoint<S>], ad: &[u8]) -> ScalarField<S> {
     const DOM_SEP_START: u8 = 0x02;